USG40 - disable DPD on IKEv2
Options
train_wreck
Posts: 5
I want to disable DPD on an IKEv2 site-to-site tunnel. How do I do this? There is no "dpd" command available under "ikev2 policy <policyname>". The only setting available is "dpd-interval", and the only valid values are 15-60. There is no option in the GUI. I tried "no dpd-interval", and the CLI accepted the input, but the DPDs continue to be sent, and the CLI still reports it being enabled when running "show ikev2 policy". Firmware is latest version available as of this post.
What's the secret here?
0
All Replies
-
Hi @train_wreck
The DPD function can be disabled by CLI command:
Router(config-ikev2 NAME)# no dpd-interval
However, this will disable the DPD sending out proactively
If peer side DPD still working, the device will reply it.
So this function need to be disabled on both of sides.
The DPD function is a mechanism to check peer device networking status to prevent zombie tunnel situation and it is enabled by default. It’s also recommended to enable it on both sites.
0
Zyxel Employee
Categories
- All Categories
- 385 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 75 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 908 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 200 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
